Hi A user was able to log into my site using: 1' and '1' or '1 in the username and password box.
I ran the query SELECT * FROM members WHERE name = '1' and '1' or '1' AND password = '1' and '1' or '1' And it returned all rows. Can someone explain to me why this happens, and if the steps I took (replacing the ' with a blank space when the user submits the login form) is enough to prevent a similar "hack" Appreciate any feedback. -- Dave
